Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-2277

Ensure Cluster Machine Approver metrics are only available via HTTPS

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Critical
    • None
    • None
    • 2
    • CLOUD Sprint 245

    Description

      Background

      CMA currently exposes metrics on two ports via the 0.0.0.0 all hosts binding. We need to make sure that only the TLS port is accessible from outside localhost.

      Steps

      • Move the binding for the local metrics server to localhost only
      • Ensure kube-rbac-proxy is still proxying the requests over TLS

      Stakeholders

      • Cluster Infra
      • Subin M

      Definition of Done

      • Metrics from CMA are only exposed over TLS
      • Docs
      • <Add docs requirements for this card>
      • Testing
      • <Explain testing that will be added>

      Attachments

        Activity

          People

            raryan@redhat.com Rachel Ryan
            joelspeed Joel Speed
            Milind Yadav Milind Yadav
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: